Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Application-Context
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
AR-PoweredBy
AR-ATIME
AR-CACHE
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-MS-InvokeApp
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-ORACLE-DMS-RID
X-Exp-Id
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-PC
X-TtlSet
X-Vname
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Client-IP
SPRequestGuid
X-TTL
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Ttl
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
X-Shield-Request-Id
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-XRDS-Location
DynaTrace
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
X-T
Access-Control-Request-Method
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
X-Powered-CMS
Front-End-Https
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
Realpath
X-MSEdge-Ref
Fastcgi-Cache
X-B3-TraceId
X-Aspnet-Version
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
Display
X-Middleton-Display
X-Sol
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Middleton-Response
Response
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Template-Id
X-Content-Digest
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Srv
X-B3-Traceid
X-Accel-Buffering
X-Pad
X-Accel-Expires
X-Cache-Key
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
Host
X-Content-Options
X-User-Agent
X-Analytics
Backend-Timing
X-Correlation-Id
X-LB-Cache
X-Debug-Info
X-Revision
Refresh
X-Az
X-Rid
X-Amz-Apigw-Id
X-Activity-Id
X-Amzn-RequestId
X-AppVersion
Accept-Charset
X-B
FilterID
X-IPLB-Instance
X-DataStream-MidMile-RTT
X-DIS-Request-ID
X-DataStream-Origin-MEX-Latency
X-B3-Sampled
X-Cache-2
X-Cache-Hit
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
Host-Header
X-Request-Processing-Time
MS-CV
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Cached-By
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Origin-Server
VIX-Pulpo-Node
X-Varnish-Backend
Source
X-Amz-Replication-Status
X-TT
X-Framework
X-App-Environment
X-Cluster
X-Cache-Action
X-Kong-Upstream-Latency
X-UA-Device-Type
Cache-Status
X-Kong-Proxy-Latency
X-Tumblr-Pixel
X-Mobile
X-Platform-Server
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Tumblr-User
X-Webkit-CSP
X-Request-Guid
X-FW-Hash
X-FW-Server
X-Shard
X-Ezoic-Cdn
X-FW-Serve
X-F-Cache
X-FW-Static
X-Varnish-Grace
X-FW-Type
X-Drupal-Cache-Tags
X-Ruxit-Js-Agent
X-Instance
X-RateLimit-Limit
X-Zen-Fury
X-SS-Set-Cookie
X-Geo-Country
X-FB-Debug
X-Handled-By
X-GUploader-UploadID
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-ATG-Version
PageSpeed
X-Node-Name
X-Cache-Age
CACHE
X-App-Server
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-XRDS-LOCATION
X-Cache-Control
Payment
Healthy
X-Region
Upgrade-Insecure-Requests
X-RequestSource
X-Response-Served-From
Filters
X-WebKit-CSP-Report-Only
X-Generated-By
X-Adobe-Content
X-GeoIP
X-TX-ID
X-Adobe-Loc
Country
X-RTag
X-TT-TIMESTAMP
X-Storage
Cache-Tv-Group
Server-Node
Webserver
X-VG-WebCache
NGB
X-Redis-Cache
Ms-Operation-Id
X-UUID
X-FW-Dynamic
X-B-Cache
X-Tumblr-Pixel-2
X-Jobs
X-Signature
X-Wix-Server-Artifact-Id
X-Tumblr-Pixel-1
X-Drupal-Cache-Contexts
Retry-After
Actual-Object-TTL
X-Locale
X-Cacheable-TTL
X-Content-Age
Fastly-Restarts
X-Cache-Rule
X-Varnish-Hits
GEO-INFO
ServedBy
X-Seen-By
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Guploader-Uploadid
X-Real-IP
X-Yottaa-Optimizations
X-WA-Info
X-Yottaa-Metrics
Viewport
S-Cnection
X-Cache-Server
X-RemovedCookies
X-Upgrade-Enabled
Content-Style-Type
Content-Script-Type
Eomportal-Instance
X-ProcessESI
Datacenter
X-GRACE
X-Cache-NE
Xserver
X-Mode
NtCoent-Length
X-Cache-Config
X-Esi
Nel
X-Akamai-Transformed
X-Is-Bot
X-Path-Route
X-Varnish-Cache-Hits
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-Hl-Ver
X-Proto
X-ES-SERVER
X-Wix-Request-Id
ViewerVersion
X-Time
Mn-Server-Ip
Meta-Geo
Machine
X-S
Cache-Key
Cache-Hits
X-Device-Type
Load-Balancing
X-Detected-As
X-Cache-Var-Map
X-From
X-Cache-Var
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-FC-Vary-Parameters
X-Cache-Enabled
X-AWS-Id
X-Access
X-Hosted-By
X-LJ-Flow-ID
X-Viewer-Country
X-VWS-Id
X-VG-TLSProxy
X-Section
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-Device-Class
Property-Id
OT-Force-Account-Verify
Mail-Subject
TWC-GeoIP-Country
TWC-GeoIP-LatLong
We-Hiring
Webcakes-App-Name
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
Access-Control-Request-Headers
L5d-Success-Class
X-NewRelic-App-Data
X-Birta-Cache-Post
X-Birta-Served
X-Debug-Cache
X-Backend-Name
X-EIG-Tracking-Id
X-Akamai-Request-ID
DB-Nickname
Azure-Version
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-Format
X-FW-Version
X-Time-Microsecs
X-Via-CDN
X-Web-Node
X-Tb
X-Status
X-ServerID
X-Labrador-Cache-Channel
X-Loop
X-Origin-Response-Time
X-Proxy
Azure-SlotName
X-TNCMS
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-PCL
X-OCL
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-CCM
Cache-Tag
X-Human
X-IP
X-JoinUs
Selected-FE
X-Cache-Operation
Now
X-BYPASS-REASON
X-Xfnlog-Site
Decoy-Debug-TTL
Decoy-Debug-Status
NGX
Decoy-Debug-Key
X-FB-TRIP-ID
X-Via-Fastly
X-Timing-Wait
X-Trace-Id
X-Tumblr-Pixel-3
X-Varnish-Cacheable
X-Cache-Category-Id
X-Generated
X-Site-Version
X-Cdn
X-NCache
X-MP-GENERATED-AT
X-Grey
X-Www-Served-By
X-Rocket-Nginx-Bypass
Uber-Trace-Id
X-Vgn-Hpd-Reason
X-CDN-Cache
Served-By
X-Internal-Host
X-NWS-LOG-UUID
X-VC-Cache
X-R9-Blue-Green-Version
X-Sucuri-ID
X-UA
LB
X-EdgeConnect-Cache-Status
X-Rule
X-Dynatrace-Js-Agent
X-RCS-CacheZone
X-Cache-Remote
X-Origin-Host
AsisCache
X-Newrelic-App-Data
X-UnsetCookies
Release
X-Cluster-Node
Pagespeed
Rt-Fastcgi-Cache
User-Agent
X-TIME
X-App-Name
X-PERF
X-ApacheServer
X-B3-Spanid
Hostname
X-Nginx-Cache
X-Agile
X-Agile-Age
X-Agile-Id
X-APP-VERSION
X-Source
X-Ua
X-Datadome
Cache-Name
X-Request-Time
X-Ocache
X-Edge-Location
X-App-Version
X-Sucuri-Cache
X-Pubstack
X-OVcl
X-OVcl-Cache
X-Hit
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin-TTL
X-VCT
X-Origin-CC
X-Edge-IP
Warning
X-Protected-By
X-ElasticPress-Search
X-Rojux
X-Debug-Cache-Expiry
X-B-Cookie
Arc-Country
X-BB-ID
X-Debug-Cache-Store
X-Instart-Isnd
X-ARC
X-Debug-Cache-Fetch
X-Date
Cache-Prefix
X-Connection-Hash
X-CF-Lambda-Fn
Ec-Rule-Version
X-Core-Value
X-IN-WAF
BehaviorPad-Version
X-D
X-Application
X-Hp-Webp
X-Gannett-Site-Version
Fly-Cache
Cross-Origin-Window-Policy
X-G
X-Developer
X-Cache-Expires
X-Developers
X-External-Request-Id
X-Generated-In
X-DPWN-IS-SECURE
X-Debug-Log
X-Debug-Cookies
X-Cache-Grace
X-Aed
Ajk
X-Destination
Fly-Request-Id
X-Cache-ASPX
X-IN-APIGATEWAY
X-NodeID
X-Secret
X-Processor
X-CACHE-KEY
X-Up
X-Twitter-Response-Tags
Thinkindot-Control
X-Var-Ttl
UCS
X-Server-Group
Origin
X-PAYTM-SRV-ID
X-Platform
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Transaction
X-ScT
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Region-Sid
Server-Surrogate-Control
Request-Country
Rendered-Blocks
Request-EU
X-Trv-Group
Request-Time
On-Server
X-Varnish-Authentication
X-SRCache-Key
MD5-Digest
X-CF-Lambda-Version
X-NU-AKA-ACS-Version
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Xc-Version
X-Logtrace-Id
X-Matched-Rule
X-Accel-Expires-Debug
X-Mobile-URL
X-A-Wwc
Server-Cache-Control
X-NX-Host
X-VG-WebServer
Meta-Geo-Continent
Node
Www
X-A
N-Cache
X-Cache-Backend
X-Cdn-Forward
Server-Host
X-Cache-Info
X-Cache-Debug
X-C
Web-Mar-Node
X-Cache-Miss-From
X-Amzn-Remapped-Connection
X-Cache-Host
X-Cache-Id
True-Client-Country-4JS
X-Block-Status
Server-Int
SRV
User-Cache-Control
X-LAGOON
X-Servername
X-ServiceProvider
X-Varnish-Url
X-Page-Type
X-PHP-Host
X-Origin-Expires
X-Origin-Date
X-SN
X-SIPLIST1
X-Sf
X-Via-Edge
X-Policy
X-Sedo-Request-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Reboot
X-Refresh
X-Request-URI
X-RateLimit-Remaining-Second
X-TT-LOGID
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-RateLimit-Limit-Second
X-No-Session
X-Via-SSL
X-Eu-Site
X-Epic-Correlation-Id
X-F5-Cache
X-Gen-Mode
X-Geo-Header
X-Distributor
X-Distil-CS
X-Cms-Context
X-Crawler
X-Device-Os
X-Dispatcher-Server
X-Hash
X-Hnp-Log
X-Location
X-LI-UUID
X-Swa-Ws
X-Webstats-RespID
X-Nginx-Cache-Key
X-LI-Proto
X-Li-Pop
X-Info
X-Irp-Debug
X-Key
X-Li-Fabric
X-CGP
X-Amzn-Remapped-Date
Fastly-SWR
Memcached
AKAMAI
Fastly-Soc-X-Request-Id
Heartbleed
Fastly-SIE
Magicmarker
Lfy
Cache-Cookie-Set-Lfrom
HA-Ipaddr
Ha-Gx-Prefs
IsBot
Kp-EeAlive
Apple-News-Services-Handled
Fastly-Backend-Name
Cache-Cookie-Set-From
Pagetype
Cache-Cookie-Set-Idcheck
RNT-Machine
RNT-Time
CDCHOST
Backend
Proxy-Connection
Pramga
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Content-Disposition
Apple-News-Services-Request-Url
Country-Code
X-Varnish-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-FireWall-Port
X-GeoIP-City
Adler-Geo
X-Fastly-Cache
X-GeoIP-Country-Code
X-Fetched-On
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Generated-On
X-Node-Id
X-Real-Ip
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Skip-Cache
X-Thanos
X-TrackingId
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Variation
X-User
X-Shopify-Stage
X-ShopId
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-MSEdge-Features
X-Ah-Environment
X-Planisys-CDN-TTL
SD-X-WS
X-ShardId
X-Server-IP
X-WPE-Loopback-Upstream-Addr
X-S-Maxage
X-Level-Front-Cache
X-MSEdge-Flight
X-Amzn-Remapped-Content-Length
HTTPS
X-Alternate-Cache-Key
Is-Eu
X-Backend-Host
X-Backend-State
X-Bip
X-BBXSRF
X-Backend-Url
X-Cache-Bucket
X-Core-Mission
X-Amz-Meta-Cache-Control
Fastly-SSL
Platform
X-Cache-FS-Status
X-Micro-Cache
DSUID
X-Cdn-Srv
X-Server-Time
X-Auto-Login
X-Owner
X-Nc
Section-Io-Cache
X-GZip
ServerName
FNAC-ModuleRouting
X-CUA
Server-ID
Powered-By
Cteonnt-Length
X-RateLimit-Reset
Fastcgi-Useragent
X-Varnish-Beresp-Ttl
X-Dc
X-Org
Pragrma
X-CDN-Forward
X-Load-Cache
X-Passed-To-DLL
X-Pjax-Url
X-Passed-To-BeforeDispatch
X-Original-Request
Gh-Request-Id
REQUESTUUID
X-Passed-To
X-Actual-URL
VivaBuild
Viewtype
X-Stale
X-Svr
X-Server-By
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Parent-Response-Time
X-Passed-To-PostProcessResponse
X-Aicache-OS
X-Apm-App-Name
V-Age
X-VServer
X-FPC
X-HS-Cache-Config
X-Croise-Owner
X-Sn-Servicetimems
X-Apm-Svc-Key
X-Cdn-Origin
X-Apm-Inst-Hash
Host-ID
X-Unique-ID
MIME-Version
Cdn-Host
X-NC
X-ND-Cache
Cdn-Request-Time
X-Geo
X-Edge-Server
Rt-Proxy-Cache
X-Exp-Se
X-Microcachable
Mime-Version
X-Ua-Device
X-Gdpr
X-CSRF-TOKEN
X-Served-From
Cache
X-B3-Parentspanid
X-Oss-Server-Time
Time
Memory
SID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
PICS-Label
X-Oss-Request-Id
X-Servedbyhost
HostName
ProcessTime
X-Wa
X-V
X-Tb-Optimization-Total-Bytes-Saved
X-Req
Resin-Trace
Cf-Ipcountry
Wxu-Next-Commit
Wxu-Next-Region
X-DC
Wxu-Next-Hostname
X-From-Cache
X-Git-Hash
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Cache-HT
X-Optimization
AR-SID
X-Lb-Id
X-HTML-Minification-Powered-By
Cdn
CF-IPCountry
X-Varnish-Beresp-TTL
X-Fstrz
X-Release
X-WebServer
X-TH-Server
Public-Key-Pins-Report-Only
X-Response-By
X-Atg-Version
X-Host-Name
X-Phone
X-Fastly-Backend-Reqs
GMS-Ver
Proxy-Firewall
XServer
Processtime
X-GEO
X-ID
X-Instart-Info
X-WR-MODIFICATION
Fastcgi-X-Cache-Version
X-APP
X-LB-ID
X-Vcl-Version
CF-Cached-On
X-Daa-Tunnel
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Upstream-CT
WZWS-RAY
Backend-Name
X-Upstream-HT
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Worker
X-Amz-Meta-Surrogate-Control
X-Nananana
X-Zone
X-Check-Cacheable
188prxHost
178proxuri
Mobile-Detection-Method
GW-Server
219prxHost
225prxHost
189phosttRef
Xxline
286prxHost
X-NGINX-Cache
X-Clientip
355prline
352pxline
X-Server-W
Countrycode
X-WA
X-UE-Client-Country
X-Vcache
409pxxline
X-We-Are-Hiring
X-B3-SpanId
X-Ratelimit-Reset
SS
X-URL
X-IPS-LoggedIn
X-ServedByHost
X-Fastly-Country-Code
Pics-Label
X-HS-Status
X-Hyper-Cache
X-CSRF-Token
Version
Ohc-File-Size
Lb
GeoIp-Country-Code
X-Backend-TTL
Geoip-Latitude
SN
DataCenter
Esi-Enabled
FSS-Proxy
X-HS-Combine-CSS
X-SERVER-NAME
Geoip-City
X-PF-Uncompressing
FSS-Cache
X-SRV
X-Dynatrace
X-GZIP
X-Be
URI
X-Render-Time
X-VCL-Version
X-AssetVersion
X-UPSTREAM-Address
X-BE
X-Contensis-Viewer-Groups
X-Request-Start
X-Akamai-Request-ID2
Serverid
X-LiteSpeed-Cache-Control
X-GDPR
Accept-Language
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
Ohc-Cache-HIT
X-Fpc
X-CS
WP-Super-Cache
X-Unique-Id
X-ZONE
X-Gen-Id
X-RequestId
X-PJAX-URL
CDN
X-NWS-UUID-VERIFY
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-UCC
X-HostName
X-FORWARDED-FOR
Dynatrace
Amp-Access-Control-Allow-Source-Origin
Cneonction
X-Hello
Who
X-Reqid
X-Urbn-Context-Path
X-Flog
RequestUuid
X-Via-NSCOPI
X-Urbn-Site-Id
X-Pf-Uncompressing
Locale
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-ABtesting
X-Varnish-Action
X-Cache-Ttl
X-Cdn-Cache
X-LiteSpeed-Tag
X-Request-Url
X-Cache-URL
A
Server-Id
X-Store
Accept-Ch
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Is-Session-Tracking
Get-Access-Time
Ohc-Response-Time
X-Serial
X-Bug-Bounty
IBM-Web2-Location
X-Port
Frontcache
NnCoection
X-ServerName
X-Cdn-Request-ID
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-EC-Lua